{"title":"Reconciling Competing Data Security Standards Applicable to Data Held by Retail Banks Operating in California in Light of Van Buren and TransUnion","authors":"Michael R. Sneberger","doi":"10.54648/gplr2021023","DOIUrl":null,"url":null,"abstract":"When operating in California, retail banks face competing, seemingly inconsistent, federal, state, and industry data security standards. The article describes what regulations prescribe data security standards for banks operating in California. It analyses private rights of action available in the event of a data breach, how such private rights may be affected by the Van Buren and TransUnion decisions, and what data security standards are set forth by each of the controlling regulatory regimes, as well as other industry standards which may inform the applicable standard of care regarding non-personal information. Finally, the article presents a position on how a California bank can reconcile the applicable security standards, and provides a suggestion for a data security benchmark for retail banks operating in California by positing that a ‘reasonable’ data security program is not only one based on assessment of risk and industry best practices, but is also reconcilable with the seemingly competing regulatory regimes applicable to banks operating in California.","PeriodicalId":127582,"journal":{"name":"Global Privacy Law Review","volume":"46 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Global Privacy Law Review","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.54648/gplr2021023","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0
Abstract
When operating in California, retail banks face competing, seemingly inconsistent, federal, state, and industry data security standards. The article describes what regulations prescribe data security standards for banks operating in California. It analyses private rights of action available in the event of a data breach, how such private rights may be affected by the Van Buren and TransUnion decisions, and what data security standards are set forth by each of the controlling regulatory regimes, as well as other industry standards which may inform the applicable standard of care regarding non-personal information. Finally, the article presents a position on how a California bank can reconcile the applicable security standards, and provides a suggestion for a data security benchmark for retail banks operating in California by positing that a ‘reasonable’ data security program is not only one based on assessment of risk and industry best practices, but is also reconcilable with the seemingly competing regulatory regimes applicable to banks operating in California.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
